Improved jwt handling for node access tokens. Switched to di plugin system

2025-02-24 21:03:23 +01:00
parent 67efe71247
commit a8d867c3c7
11 changed files with 101 additions and 48 deletions
--- a/MoonlightServers.ApiServer/Services/NodeService.cs
+++ b/MoonlightServers.ApiServer/Services/NodeService.cs
@@ -1,3 +1,7 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using Microsoft.IdentityModel.Tokens;
 using MoonCore.Attributes;
 using MoonCore.Extended.Helpers;
 using MoonCore.Helpers;
@@ -20,20 +24,43 @@ public class NodeService
            url += "http://";

        url += $"{node.Fqdn}:{node.HttpPort}/";
-        
+
        var httpClient = new HttpClient()
        {
            BaseAddress = new Uri(url)
        };
-        
+
        httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {node.Token}");

        return new HttpApiClient(httpClient);
    }

    public string CreateAccessToken(Node node, Action<Dictionary<string, object>> parameters, TimeSpan duration)
-        => JwtHelper.Encode(node.Token, parameters, duration);
-    
+    {
+        var claims = new Dictionary<string, object>();
+        parameters.Invoke(claims);
+
+        var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
+
+        var securityTokenDescriptor = new SecurityTokenDescriptor()
+        {
+            Expires = DateTime.UtcNow.Add(duration),
+            NotBefore = DateTime.UtcNow.AddSeconds(-1),
+            Claims = claims,
+            IssuedAt = DateTime.UtcNow,
+            SigningCredentials = new SigningCredentials(
+                new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
+                    node.Token
+                )),
+                SecurityAlgorithms.HmacSha256
+            )
+        };
+
+        var securityToken = jwtSecurityTokenHandler.CreateJwtSecurityToken(securityTokenDescriptor);
+
+        return jwtSecurityTokenHandler.WriteToken(securityToken);
+    }
+
    public async Task<SystemStatusResponse> GetSystemStatus(Node node)
    {
        using var apiClient = await CreateApiClient(node);
@@ -47,13 +74,13 @@ public class NodeService
        using var apiClient = await CreateApiClient(node);
        return await apiClient.GetJson<StatisticsApplicationResponse>("api/statistics/application");
    }
-    
+
    public async Task<StatisticsHostResponse> GetHostStatistics(Node node)
    {
        using var apiClient = await CreateApiClient(node);
        return await apiClient.GetJson<StatisticsHostResponse>("api/statistics/host");
    }
-    
+
    public async Task<StatisticsDockerResponse> GetDockerStatistics(Node node)
    {
        using var apiClient = await CreateApiClient(node);